Dropbox blames spam on employee re-using password

Dropbox has blamed the spam sent to its members on an employee who reused his or her work password on another site, which was then hacked.

The hackers used the password to raid the employee's online locker, and found a document containing email addresses registered with Dropbox accounts.

About a fortnight ago, customers began to complain that spam emails promoting gambling sites were being sent to email addresses they used exclusively with their Dropbox accounts.

Dropbox said in a statement: “Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. We’ve contacted these users and have helped them protect their accounts.

“A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam. We’re sorry about this, and have put additional controls in place to help make sure it doesn’t happen again.

“At the same time, we strongly recommend you improve your online safety by setting a unique password for each website you use. Though it’s easy to reuse the same password on different websites, this means if any one site is compromised, all your accounts are at risk.”
